<?php

class FP_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {

    public function preDispatch(Zend_Controller_Request_Abstract $pRequest){
	$controller = $pRequest->getControllerName();
	$action     = $pRequest->getActionName();
	$url        = $pRequest->getRequestUri();



 	if ($controller == 'error'){
	    //Error controller is exempt from acl check
//  	    $pRequest->setControllerName($controller);
//  	    $pRequest->setActionName($action);
 	    return;
 	}

	$acl        = FP_Application::getAcl();
	$session    = FP_Application::getSession();

	$resource   = "{$controller}.{$action}";



	if (FP_Application::hasIdentity()){
	    $role =& FP_Application::getIdentity();
	    logdebug("FP_Controller_Plugin_Acl.preDispatch: Authorizing $resource for role " . $role->getRoleId());
	    if (!$acl->isAllowed($role, $resource, PERMISSION_ACCESS))
		throw new FP_Acl_Exception('Access Denied required', FP_Acl_Exception::ACCESS_DENIED);
	    logdebug("FP_Controller_Plugin_Acl.preDispatch: Authorized $resource for " . $role->getRoleId());
	} else {
	    logdebug("FP_Controller_Plugin_Acl.preDispatch: Authorizing $resource for guest");

	    if (!$acl->isAllowed('role-guest', $resource, PERMISSION_ACCESS)){
		throw new FP_Acl_Exception('Authentication required', FP_Acl_Exception::AUTH_REQUIRED);
	    }
	    logdebug("FP_Controller_Plugin_Acl.preDispatch: Authorized $resource for guest");
	}


    }

}

?>